Understanding the significance of security for our clients, we have embedded a multi-layered security framework into our product and the underlying infrastructure. This includes:

​

Data Classification: Protection and Retention: Recognizing the sensitivity and regulatory implications of financial data, we follow strict data classification and retention policy. This policy ensures that data is categorized based on its sensitivity, and appropriate security controls are applied accordingly. Additionally, we adhere to strict retention schedules, facilitating the timely disposal of data that is no longer required for operational or regulatory purposes.
Regular Employee Training: Our staff undergoes regular training to stay abreast of the latest security threats and best practices. A well-informed team is the first line of defense against potential security breaches.

​

End-to-End Encryption: All data, both at rest and in transit, is encrypted using industry-leading algorithms, ensuring the confidentiality and integrity of your valuable information.

Access Controls: Our platform employs rigorous access controls, allowing you to define and manage user permissions with precision. Role-based access ensures that only authorized personnel can access sensitive data. Access is terminated in a timely manner, accompanied by periodic user access reviews.

​

Secure Software Development: Our AML solution is built on the foundation of secure software development practices. We adhere to industry-recognized methodologies such as DevSecOps, integrating security throughout the software development lifecycle. Code reviews, static and dynamic analysis, and regular security testing are integral components, ensuring that potential vulnerabilities are identified and addressed early in the development process.
Asset Management: Understanding the criticality of asset management in securing financial data, we implement robust systems to track and manage assets throughout their lifecycle. This includes regular inventories, monitoring, and classification of assets. By maintaining a comprehensive understanding of our infrastructure and data assets, we ensure that security controls are effectively applied to protect against security threats.

​

Continuous Security Monitoring: Real-time monitoring of system activities enables us to detect and respond to security incidents promptly. This proactive stance is crucial in mitigating potential risks before they escalate.

Incident Response Planning: We have a robust incident response plan in place, ensuring that in the unlikely event of a security incident, we can swiftly and effectively mitigate the impact, minimizing downtime and data exposure. This also includes Disaster Recovery and Business Continuity Planning for uninterrupted operations.

​

Physical Security: Leveraging infrastructure provided by key Infrastructure-as-a-Service (IaaS) providers, we extend the highest level of physical security to our clients. The data centers of our chosen IaaS providers undergo rigorous assessments by external auditors, ensuring compliance with industry standards and regulations. This commitment to physical security safeguards against unauthorized access, environmental threats, and other physical risks, providing an additional layer of protection to our clients' data.

​

Regular Security Audits: We conduct security audits regularly, employing third-party experts to evaluate our systems and identify potential vulnerabilities. 

SOC 2 compliance: Our security measures align with SOC 2 requirements for the Security and Availability Trust Criteria, which has been confirmed by an external audit firm by issuing us a SOC 2 Type 1 report. Please reach out if you would like to receive a copy of the report.